Paper 2006/234

RFID Security: Tradeoffs between Security and Efficiency

Ivan Damgård and Michael Østergaard

Abstract

Recently, Juels and Weis defined strong privacy for RFID tags. We add to this definition a completeness and a soundness requirement, i.e., a reader should accept valid tags and only such tags. For the case where tags hold independent keys, we prove a conjecture by Juels and Weis, namely in a strongly private and sound RFID system using only symmetric cryptography, a reader must access virtually all keys in the system when reading a tag. It was already known from work by Molnar et al. that when keys are dependent, the reader only needs to access a logarithmic number of keys, but at a cost in terms of privacy: for that system, strong privacy is lost if an adversary corrupts only a single tag. We propose protocols offering a new range of tradeoffs between security and efficiency. For instance the number of keys accessed by a reader to read a tag can be significantly smaller than the number of tags while retaining security, as long as we assume suitable limitations on the adversary.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptographic protocolsRFID securitysymmetric cryptographyprotocols
Contact author(s)
ivan @ daimi au dk
History
2006-07-31: last of 2 revisions
2006-07-13: received
See all versions
Short URL
https://ia.cr/2006/234
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/234,
      author = {Ivan Damgård and Michael Østergaard},
      title = {{RFID} Security: Tradeoffs between Security and Efficiency},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/234},
      year = {2006},
      url = {https://eprint.iacr.org/2006/234}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.